We need two Internets. One that is designed for playing around. Got it. And a second trusted Internet for doing serious things. Here’s why.
My take on the root cause of most, if not all, of our Internet problems goes like this.
When the Internet was designed, trust was an assumption, not a feature. The original Internet was ARPANET. The founding community of research facilities, universities, and military knew and trusted each other. No one bothered to design trust into the network because it already existed outside, in the user base. Instead, features like standards for connectivity, reliability, ease of adoption and scalability were the priorities back in 1969. TCP/IP was all about delivering packets of data. During the 1980’s, the ARPANET backbone transitioned into today's Internet.
Back in 1973, a newspaper article warned as follows. “Many people are concerned about the threat that these systems may present to security and individual privacy. But those working on ARPANET feel these problems can be solved, and the solutions may not be very expensive if they are only taken into consideration from the very beginning.” They weren’t. To be fair, society has spent hundreds of billions on cyber-security since and is still far from solving the problem. Maybe we should not be too hard on the originators for their failure of imagination.
The fact of the matter remains that TCP/IP is a “dumb core” that essentially delegates all aspects of trust to the Internet users. Today’s Internet has three billion users and ten billion connected devices. This is no longer the small, trusted community envisioned when we started this journey.
Can we get to a Trusted Internet?
How do I put this? Let’s start by saying that I don’t really want to rely on today’s Internet as the backbone for our critical infrastructure. Nor for my self-driving car or smart home. Too much risk. Like walking through a bad part of town at night. And cyber-security is an illusion – about as useful as carrying a can of mace and bandaids.
A trusted Internet must be built on technology that restricts or mitigates human behavior. But that would be at odds with an open, anonymous Internet that really does provide a lot of benefits we would hate to give up. So, give me a choice of which one to use, when and for what. We need a second Internet – one that is trusted, probably built on the concept of one-person with one account. Putting trust (identity, privacy and security) into all levels of the technology stack is essential.
The answer is not either-or. it’s about “and-both”. Perhaps a trusted Internet could be built as a virtual software-defined network within the existing Internet infrastructure. Our current examples of this are not that wonderful: dark-web, China, Iran and North Korea. But let’s just consider them proof of concepts and use our imagination.
I want a second trusted Internet with identification-by-default to use for really important things. For playing around, just retain our existing anonymous-by-default Internet. Is that really too much to ask?